[Beowulf] Intra-cluster security

John Hearns hearnsj at googlemail.com
Sun Sep 13 04:07:56 EDT 2009


2009/9/11 Stuart Barkley <stuartb at 4gh.net>:
>
> - Each user creates a password-less ssh private key, puts the public
> key in the authorized_hosts file and has relatively unfettered ssh
> access between nodes (nfs shared home directory helps a lot).  This
> seems to be the most common approach.  It is end-user setup/training
> intensive (I suppose it could be automated/audited). I consider it
> dangerous to encourage use of password-less ssh keys.

Yes, I would agree this is the most common approach.
You can automate it by having a script which runs when you first login
to the cluster (Oscar does this).

You can also use shosts trusts.
A script which loops through cluster nodes and runs an ssh-keyscan is useful.


Re. security its the armadillo principle - hard on the outside, soft
on the inside.

_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list